Identity and Access Management (IAM) - Jo Peterson
We invited Jo Peterson, VP of Cloud and Security at Clarify360, to write about IAM.
By Jo Peterson
There are 6 key areas in Cloud Security:
· Identity and Access Management
· Network and Application Protection
· Data Protection
· Incident response
AWS addresses these 6 areas across 31 different products.
Today we’re chatting about AWS Identity and Access Management (IAM).
AWS Identity and Access Management manages identities in single AWS accounts or centrally connects identities to multiple AWS accounts. It allows you to grant temporary security credentials for workloads that access your AWS resources. Additionally, you can continually analyze access to right-size permissions on the journey to least privilege.
So how does it work?
With AWS Identity and Access Management (IAM), you can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS.
Why use IAM?
Use IAM to manage and scale workload and workforce access securely, supporting your agility and innovation in AWS.
How would you use it? Here are a few ways:
Apply fine-grained permissions and scale with attribute-based access control
Create granular permissions based on user attributes—such as department, job role, and team name—by using attribute-based access control.
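As an added illustration (not part of the original article), here is an identity-based policy that applies attribute-based access control to EC2 instances. The tag key `department` and the choice of EC2 start/stop actions are assumptions made for the example. The second statement stops principals from rewriting the `department` tag on instances, which would otherwise let them move a resource into their own department.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartStopOwnDepartmentInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/department": "${aws:PrincipalTag/department}"
        }
      }
    },
    {
      "Sid": "DenyChangingDepartmentTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "department"
        }
      }
    }
  ]
}
```

Because the allow statement compares tags rather than naming instances, one policy covers every department, and new instances are covered as soon as they are tagged.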
Manage per-account access or scale access across AWS accounts and applications
Manage per-account identities with IAM or use IAM Identity Center to provide multi-account access and application assignments across AWS.
Establish organization-wide and preventative guardrails on AWS
Use service control policies to establish permissions guardrails for IAM users and roles, and implement a data perimeter around your accounts in AWS Organizations.
Set, verify, and right-size permissions toward least privilege
Streamline permissions management and use cross-account findings as you set, verify, and refine policies on the journey toward least privilege.